Office 365 protects your email account with automatic filters that divert suspected spam to a separate folder away from the Inbox. It also has a separate safe sender list that lets you mark senders as trusted and allows images from the send outs to be downloaded automatically.
While this safeguard is usually helpful, valid emails from companies, colleagues and loved ones may also end up in the spam folder.
Creating a whitelist tells the program which domains it should always allow through and eliminates the possibility of missing legitimate emails.
(New path) Use the Microsoft 365 Defender portal to configure third-party phishing simulations in the advanced delivery policy.
Holm Security's recommendation is that whitelisting should only be used during a send out and should be removed between send outs to make the process as safe as possible.
In the Microsoft 365 Defender portal, go to Email & Collaboration > Policies & Rules > Threat policies > Advanced delivery in the Rules section.
On the Advanced delivery page, select the Phishing simulation tab, and then do one of the following steps:
- Click Edit.
- If there are no configured phishing simulations, click Add.
On the Edit third-party phishing simulation flyout that opens, configure the following settings:
Sending domain: Expand this setting and enter at least one email address domain (for example, contoso.com) by clicking in the box, entering a value, and then pressing Enter or selecting the value that's displayed below the box. Repeat this step as many times as necessary. You can add up to 10 entries.
Sending IP: Expand this setting and enter at least one valid IPv4 address by clicking in the box, entering a value, and then pressing Enter or selecting the value that's displayed below the box. Repeat this step as many times as necessary. You can add up to 10 entries. Valid values are:
- Single IP: For example, 192.168.1.1.
- IP range: For example, 192.168.0.1-192.168.0.254.
- CIDR IP: For example, 192.168.0.1/25.
Simulation URLs to allow: Expand this setting and optionally enter specific URLs that are part of your phishing simulation campaign that should not be blocked or detonated by clicking in the box, entering a value, and then pressing Enter or selecting the value that's displayed below the box. You can add up to 10 entries. For the URL syntax format, see URL syntax for the Tenant Allow/Block List.
To remove an existing value, click remove next to the value.
When you're finished, do one of the following steps:
- First time: Click Add, and then click Close.
- Edit existing: Click Save and then click Close.
The third-party phishing simulation entries that you configured are displayed on the Phishing simulation tab. To make changes, click Edit on the tab.
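Before entering values in the Sending IP box, the planned list can be checked against the three formats and the 10-entry limit described above. The following is an added example, not code from Holm Security or Microsoft; the function names and the `warn_over` breadth threshold are assumptions chosen for illustration, and it does not reproduce the portal's own validation.

```python
import ipaddress

MAX_ENTRIES = 10  # per-setting limit stated in the procedure above

def parse_sending_ip(entry):
    """Return the (first, last) IPv4 address covered by one Sending IP entry."""
    entry = entry.strip()
    if "/" in entry:
        # CIDR form. The page's example 192.168.0.1/25 has host bits set,
        # so parse with strict=False and report the block it actually covers.
        net = ipaddress.IPv4Network(entry, strict=False)
        return net.network_address, net.broadcast_address
    if "-" in entry:
        # Range form: first-last
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
        if lo > hi:
            raise ValueError(f"range start is above range end: {entry}")
        return lo, hi
    ip = ipaddress.IPv4Address(entry)  # single address
    return ip, ip

def review_sending_ips(entries, warn_over=256):
    """Check a planned Sending IP list. Returns (ok, findings).

    warn_over is a hypothetical review threshold: entries covering more
    addresses than this are flagged, since every address listed is
    treated as a simulation sender.
    """
    findings = []
    if not entries:
        findings.append("at least one Sending IP entry is required")
    if len(entries) > MAX_ENTRIES:
        findings.append(f"{len(entries)} entries exceeds the limit of {MAX_ENTRIES}")
    for e in entries:
        try:
            lo, hi = parse_sending_ip(e)
        except ValueError as exc:  # ipaddress errors subclass ValueError
            findings.append(f"{e!r}: not a valid IPv4 value ({exc})")
            continue
        size = int(hi) - int(lo) + 1
        if size > warn_over:
            findings.append(f"{e!r}: covers {size} addresses ({lo} to {hi})")
    return (not findings, findings)

if __name__ == "__main__":
    # Constructed sample: the three example values from this page.
    sample = ["192.168.1.1", "192.168.0.1-192.168.0.254", "192.168.0.1/25"]
    for e in sample:
        print(e, "->", *parse_sending_ip(e))
    print(review_sending_ips(sample))
```

Running it on the page's CIDR example shows that 192.168.0.1/25 covers 192.168.0.0 through 192.168.0.127, which is worth confirming against the addresses your simulation vendor actually sends from.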